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DETAILED ACTION 

1 . Claims 1 , 3-6, 8-1 0, 1 3-1 9 and 22-26 are pending in tliis application. No claim 
amendments have been made in the response filed 22 April 2009. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1, 5, 8, 9-10, 13-14, 18-19 and 22-23 are rejected under 35 
U.S.C. 102(b) as being anticipated by Coley et al. (US 5,826,014). 

4. With respect to Claim 1 , Coley disclosed: "A network connection apparatus (Col. 
8, lines 43-46), comprising: 

a computer-readable medium storing a computer program (Col. 8, lines 55-57), 
which when executed by a computer processor, comprises 

a join module for connecting a second network, to which the join module belongs, 
with a first network in response to an inter-network connection request message 
transmitted from the first network (Col. 7, lines 35-39), setting a security level of the first 
network to a set security level (Col. 7, lines 54-56 and Col. 8, lines 66-67, where the 
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levels include authorized and not authorized), and controlling network command 
messages in response to the set security level (Col. 7, lines 54-56 and Col. 8, lines 66- 
67, where communication from authorized networks are allowed and communication 
from unauthorized networks are discarded); 

a connection module for receiving the inter-network connection request message 
transmitted from the first network (Col. 7, lines 42-46) and connecting the first network 
with the second network (Col. 8, lines 66-67); 

an authentication/security module for determining whether to allow a connection 
of the first network that has transmitted the inter-network connection request message 
to the connection module (Col. 7, lines 47-50), and setting and checking the security 
level of the first network (Col. 7, lines 54-56 and Col. 8, lines 66-67, where the levels 
include authorized and not authorized); and 

a transmission module for transmitting a requested network command message 
requested by the first network when the connection is allowed by the 
authentication/security module (Col. 10, lines 36-39); 

wherein the security level is applied differently depending on the first network to 
be connected (Col. 9, lines 33-40)". 

5. With respect to Claim 9, Coley disclosed: "A method for connecting separate 
networks (Col. 8, lines 43-46), comprising: 

(a) transmitting an initial inter-network connection request message to a second 
network by a first network (Col. 7, lines 39-42); 
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(b) analyzing the initial inter-network connection request message and setting a 
security level of the first network to a set security level by the second network (Col. 7, 
lines 54-56 and Col. 8, lines 66-67, where the levels include authorized and not 
authorized); 

(c) transmitting a network command message to the second network by the first 
network (Col. 11, lines 1-10); 

(d) checking, by the second network, the set security level of the first network 
which has transmitted the network command message (Col. 9, lines 33-40); and 

(e) transmitting the searched checked security level and the network command 
message to the second network (Col. 10, lines 36-39); 

wherein the security level is applied differently depending on the first network to 
be connected (Col. 9, lines 33-40); and 

wherein (b) comprises analyzing the initial inter-network connection request 
message (Col. 7, lines 42-46) and determining whether to allow a connection between 
the first and the second networks (Col. 7, lines 54-56 and Col. 8, lines 66-67)". 

6. With respect to Claim 18, Coley disclosed: "A method for connecting separate 
networks (Col. 8, lines 43-46), comprising: 

(a) receiving an initial inter-network connection request message from an 
external network (Col. 7, lines 39-42); 
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(b) analyzing the initial inter-network connection request message and setting a 
security level of the external network to a set security level (Col. 7, lines 54-56 and Col. 
8, lines 66-67, where the levels include authorized and not authorized); 

(c) receiving a network command message from the external network (Col. 11, 

lines 1-10); 

(d) checking the set security level of the external network which has 
transmitted the network command message (Col. 9, lines 33-40); and 

(e) transmitting the checked security level and the network command message to 
another network to which the external network is connected (Col. 10, lines 36-39); 

wherein the security level is applied differently depending on the external network 
to be connected (Col. 9, lines 33-40); and 

wherein (b) comprises analyzing the initial inter-network connection request 
message and determining whether to allow a connection between the external and the 
another networks (Col. 7, lines 54-56 and Col. 8, lines 66-67)". 

7. With respect to claim 5 Coley disclosed: "The apparatus as claimed in claim 1 , 
wherein the connection module contains connection information about the first network 
or the devices present in the first network (Col. 10, lines 36-39, where to forward 
network messages to the destination the firewall must know the address of the 
destination device)". 
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8. With respect to claim 8 Coley disclosed: "The apparatus as claimed in claim 1 , 
wherein the transmission module transmits the network command messages 
transmitted and received between the first network and the second network to which the 
join module belongs (Col. 7, lines 14-17)". 

9. With respect to Claims 10 and 19, Coley disclosed: "wherein the initial inter- 
network connection request message includes information about the first network that 
has transmitted the initial inter-network connection request message (Col. 9, lines 33- 
39, where the source address is information about the first network that has transmitted 
the request)". 

10. With respect to Claims 13 and 22, Coley disclosed: "wherein (e) comprises 

transmitting a notify message to the first network (Col. 12, lines 6-9, where initiating a 
connection is transmitting a notification message because the first network is notified of 
the newly initiated connection)". 

1 1 . With respect to Claims 14 and 23, Coley disclosed: "The method as claimed in 
claim 9, further comprising: transmitting a response message for the network command 
message by the second network (Col. 7, lines 39-42, where network messages can be 
in the HTTP format, indicating they use TCP/IP, and TCP messages are responded to 
with an ACK by the recipient); and checking a security level for the response message 
of the second network (Col. 2, line 61 - Col. 3, line 1, where a firewall is used by private 
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networks to check inquiries from the public network and reject unauthorized users, or 
users who do not meet the required security level)". 

Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary sl<ill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claims 3-4, 15-16 and 24-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Coley in view of Shah et al. (US 2003/0051009 A1). 

14. With respect to Claim 3, Coley did not explicitly state: "The apparatus as claimed 
in claim 1, wherein the computer program stored on the computer-readable medium 
further comprises: a management module for collecting and managing information 
about devices present in the second network by performing a discovery process for the 
devices; and a component module for generating a component representing services of 
the devices present in the second network on a basis of the information about the 
devices collected by the management module". 

However, Shah disclosed: "The apparatus as claimed in claim 1, wherein the 
computer program stored on the computer-readable medium further comprises: a 
management module for collecting and managing information about devices present in 



Application/Control Number: 10/816,887 Page 8 

Art Unit: 2451 

the second network (Shah, [0031], lines 1-3) by performing a discovery process for the 
devices (Shah, [0031], lines 7-10); and 

a component module for generating a component representing services of the 
devices present in the second network on a basis of the information about the devices 
collected by the management module (Shah, [0031], lines 3-7)". 

One of ordinary skill in the art at the time of the invention would have been 
motivated to combine the network access system of Coley with the home network 
access system of Shah since they both disclose teachings related to accessing a 
private network from an external network. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention to modify the network access system of Coley with the teachings of 
Shah to include support for a management module. Motivation to combine these 
references comes from Shah, where: "With such dynamically maintained records, when 
the external node queries about the state of a particular device, the requested 
information may be retrieved directly from either the device cache or the device view 
and the response to the query may be generated without connecting to the device" 
([0031], lines 10-15). Therefore by combining the references one does not have to 
connect to a device in order to view the status of the device. 
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1 5. With respect to Claim 4, the combination of Coley and Shah disclosed: "The 
apparatus as claimed in claim 3, wherein the computer program stored on the 
computer-readable medium further comprises: 

a stack module for transmitting a control message to the devices present in the 
second network (Shah, [0033], lines 1-3); and 

a lookup service module for storing information about the component generated 
by the component module in a lookup table (Shah, [0031], lines 1-5), and searching for 
component information of a specific device upon a request for a service of the specific 
device (Shah, [0031], lines 10-15)". 

The motivation to combine is the same as that above in claim 3. 

1 6. With respect to Claims 1 5 and 24, Coley disclosed: "searching for devices 

corresponding to the checked security level (Col. 12, lines 1-5)". 

Coley did not explicitly state: "further comprising, if the network command 
message is a search message for looking for a device present in the second network" or 
"and transmitting information about the devices". 

However, Shah disclosed: "further comprising, if the network command message 
is a search message for looking for a device present in the second network ([0036], 
lines 5-7)", and "and transmitting information about the devices (Shah, [0037], lines 5- 
10)". 

One of ordinary skill in the art at the time of the invention would have been 
motivated to combine the network access system of Coley with the home network 
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access system of Shah since they both disclose teachings related to accessing a 
private network from an external network. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention to modify the network access system of Coley with the teachings of 
Shah to include support for a search message looking for a device and transmitting 
information about that device. Motivation to combine these references comes from 
Shah, where: "With such dynamically maintained records, when the external node 
queries about the state of a particular device, the requested information may be 
retrieved directly from either the device cache or the device view and the response to 
the query may be generated without connecting to the device" ([0031], lines 10-15). 
Therefore by combining the references one can obtain the status of the private network 
elements from the external network. 

1 7. With respect to Claim 1 6, Coley did not explicitly state: "The method as claimed 
in claim 9, further comprising, if the network command message is a message for 
requesting information about a specific device present in the second network, searching 
component information about the specific device among component information about 
the devices present in the second network and transmitting the component information 
about the specific device". 

However, Shah disclosed: "The method as claimed in claim 9, further comprising, 
if the network command message is a message for requesting information about a 
specific device present in the second network ([0026], lines 3-6), searching component 
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information about the specific device among component information about tlie devices 
present in the second network ([0031], lines 1-10) and transmitting the component 
information about the specific device ([0037], lines 5-10)". 

One of ordinary skill in the art at the time of the invention would have been 
motivated to combine the network access system of Coley with the home network 
access system of Shah since they both disclose teachings related to accessing a 
private network from an external network. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention to modify the network access system of Coley with the teachings of 
Shah to include support for a search message looking for a device and transmitting 
information about that device. Motivation to combine these references comes from 
Shah, where: "With such dynamically maintained records, when the external node 
queries about the state of a particular device, the requested information may be 
retrieved directly from either the device cache or the device view and the response to 
the query may be generated without connecting to the device" ([0031], lines 10-15). 
Therefore by combining the references one can obtain the status of the private network 
elements from the external network. 

18. Claims 6, 17, and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Coley in view of Zintel et al. (US 6,725,281). 
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1 9. With respect to Claim 6, Coley did not explicitly state: "The apparatus as claimed 
in claim 1 , wherein the connection module checks periodically whether the first network 
transmits a transmitted network command message every predetermined period of time, 
and terminates the connection if the transmitted network command message is not 
received within the predetermined period of time". 

However, Zintel disclosed: "The apparatus as claimed in claim 1 , wherein the 
connection module checks periodically whether the first network transmits a transmitted 
network command message every predetermined period of time (Col. 36, lines 13-14), 
and terminates the connection if the transmitted network command message is not 
received within the predetermined period of time (Col. 36, lines 13-15)". 

One of ordinary skill in the art at the time of the invention would have been 
motivated to combine the network access system of Coley with the home network 
system of Zintel since they both disclose teachings related to accessing devices on a 
network. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify the network communication system and security protocol 
of Coley with the teachings of Zintel to include terminating connection if a message is 
not received in a certain period of time. Motivation to combine these references comes 
from Zintel, "The scenario is this: A UCP subscribes to a CD, then the UCP reboots. 
Meanwhile, the CD is still trying to send notifications to that UCP. If the UCP never 
comes back, the subscription would be leaked because the UCP never told the CD that 
it was going away." (Col. 36, lines 3-8). By combining the network communication and 
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security system of Coley with the timeout feature of Zintel, the network communications 
will be protected against leaked subscriptions. 



20. With respect to Claims 17 and 26, Coley did not explicitly state: "further 
comprising, if the network command message is not received from the first network 
within a predetermined period of time, terminating a connection between the first and 
the second networks". 

However Zintel disclosed: "further comprising, if the network command message 
is not received from the first network within a predetermined period of time (Col. 36, 
lines 13-14), terminating a connection between the first and the second networks (Col. 
36, lines 13-15)". 

One of ordinary skill in the art at the time of the invention would have been 
motivated to combine the network access system of Coley with the home network 
system of Zintel since they both disclose teachings related to accessing devices on a 
network. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify the network communication system and security protocol 
of Coley with the teachings of Zintel to include terminating connection if a message is 
not received in a certain period of time. Motivation to combine these references comes 
from Zintel, "The scenario is this: A UCP subscribes to a CD, then the UCP reboots. 
Meanwhile, the CD is still trying to send notifications to that UCP. If the UCP never 
comes back, the subscription would be leaked because the UCP never told the CD that 
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it was going away." (Col. 36, lines 3-8). By combining the network communication and 
security system of Coley with the timeout feature of Zintel, the network communications 
will be protected against leaked subscriptions. 

Response to Arguments 

21 . Applicant's arguments filed 22 April 2009 have been fully considered but they are 
not persuasive. 

22. Applicant argues: "Coley fails to teach or even suggest 'setting a security level of 
the first network (i.e., requesting network to a set security level.' Although the proxy 
agents may deem an incoming request 'authorized' or 'unauthorized,' the proxy agent 
does not set the security level of the requesting network" (pg 3, lines 13-16). 

Examiner respectfully disagrees. Coley disclosed: "Source address verification 
can be based on a check of the validity of one or more specific addresses, or, on a 
range of address values... Such a check involves a determination of whether a host 
source address of an incoming packet comports with a list of authorized or unauthorized 
addresses, or is within a designated range" (Col. 9, lines 33-39). Therefore, if the 
source address is in a specific range of addresses (a specific network of addresses) 
that are on the authorized list, the incoming packet is deemed authorized and therefore 
the specific network (to which the source address belongs) has a security level of 
authorized. On the other hand, if the packet is discarded in this step, the network is 
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deemed unauthorized and tlie network has a security level of unauthorized. These 
security levels are set for the requesting network because a range of addresses that a 
specific address belongs to (for example the first octet has a value of between 0 and 
100, see Col. 9, lines 34-35) comprises a network. The security level of the network is 
set when a proxy agent rejects or accepts a packet from a specific address within the 
network address range. 

23. Applicant further argues claims 9 and 18 recite similar limitations to claim 1 and 
are therefore allowable. Examiner respectfully disagrees, see rejections and arguments 
above. 

24. Applicant further argues: "the reference [Coley] fails to teach or suggest that the 
proxy agent transmits the checked security level to the destination machine" (pg 4, lines 
3-5). 

Examiner respectfully disagrees. As discussed in the arguments in section 22 
above, the security level of the network in Coley is set when a proxy agent rejects or 
accepts a packet from a specific address within the network address range. Thereafter, 
a proxy agent which accepts a packet will initiate a request to the destination machine 
(see Col. 10, lines 36-39). Thus, the destination machine only sees requests which are 
from a network with a security level of authorized, and the sending of the request to the 
destination machine indicates to the destination machine the security level of the 
requesting network is authorized. The unauthorized network requests are never sent to 
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the destination nnachine, therefore all requests to the destination machine indicate to the 
destination machine that the requesting network is authorized. Since these requests 
come from the proxy agent (Col. 10, lines 36-39), the proxy agent transmits the security 
level of the requesting network to the destination machine. 

25. Applicant further argues dependent claims are allowable because of their 
dependent nature on independent claims 1 , 9 and 18. Examiner respectfully disagrees, 
see rejections and arguments above. 

26. Applicant further argues: "Shah fails to teach or suggest maintaining a view of the 
services of the devices that are currently available" (pg 5, lines 6-7). 

Examiner respectfully disagrees. Shah disclosed: "The universal control 
mechanism 230 includes both a device view 330 and a device cache 320. The former 
maintains a view of each device and its current state" (Shah, [0031], lines 1-3). A 
current state of a device can mean its supported services. A destination port indicates 
the service associated with the destination (See Coley, Col. 3, lines 63-64). 
Furthermore, a state of a device can include indicating which port numbers are in use at 
a device (see, for example, Krause, US 6,005,864, Col. 3, lines 29-45). Therefore, by 
knowing a devices current state (as in Shah, [0031], lines 1-3), the system of Shah can 
report which port numbers are in use at a device, and since port numbers correspond to 
services, the current state of a device will indicate the services of the device. 
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Conclusion 

27. THIS ACTION IS MADE FINAL. Applicant is reminded of tine extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MATTHEW S. LINDSEY whose telephone number is 
(571)270-381 1 . The examiner can normally be reached on Mon-Thurs 7-5, Fridays 7- 
12. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

MSL 

8/10/2009 



/Hassan Phillips/ 

Primary Examiner, Art Unit 2451 



